Google has pushed out a new version of Chrome for Windows, macOS and Linux to patch a zero-day flaw that is being actively exploited in the wild.
The update takes Chrome to version number 88.0.4324.150. You can check where your Chrome installation is by going to Settings (the three stacked dots in the upper right corner) > Help > About Google Chrome. Opening that page will force Chrome to update if it hasn't already.
- Google Chrome on Android just got an upgrade iPhone users have had for years
- Chrome vs. Firefox vs. Microsoft Edge: Which browser uses the most RAM?
- Plus: Beware links to Discord's website — it could be malware
Other browsers that share Chrome's code may not have caught up yet. At the time of this writing, Brave was still stuck on the previous version. Microsoft Edge had an update ready, but because its version-numbering scheme is different, we can't quite tell if it fixes the Chrome flaw.
Google didn't provide many details about the flaw being fixed in its Chrome release bulletin, but did say it addresses a "heap buffer overflow in V8," Chrome's JavaScript engine. That means the flaw lets a process overflow the memory limitations for JavaScript processes and then inject code into them.
The flaw has been given the catalog number CVE-2021-21148, and Google said it was "aware of reports that an exploit ... exists in the wild."
The flaw was reported to Google by an independent security researcher named Mattias Buelens on Jan. 24. That was the day before Google disclosed a North Korean espionage campaign against security researchers that used flaws in Chrome and Internet Explorer, so there may be some connection.
